package com.dayuanit.dy15.ebook.ebookadminbackoffice.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

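/**
 * REST endpoints for signing in, signing out and a role-protected balance query.
 *
 * <p>Every handler works on the Apache Shiro {@code Subject} returned by
 * {@link SecurityUtils#getSubject()} for the current request.
 */
@RestController
public class UserController {

    /**
     * Authenticates the caller with Shiro using a username and password.
     *
     * <p>NOTE(review): the mapping declares no HTTP method, so it matches every
     * method, GET included. Credentials sent as query parameters tend to end up in
     * access logs, browser history and Referer headers; restrict this mapping to
     * POST once the existing callers are confirmed.
     *
     * <p>NOTE(review): nothing in this method renews the session when login
     * succeeds; confirm that session-fixation protection is handled elsewhere.
     *
     * @param username login name bound from the request parameter {@code username}
     * @param pwd      password bound from the request parameter {@code pwd}
     * @throws org.apache.shiro.authc.AuthenticationException propagated from
     *         {@code Subject.login} when the credentials are rejected; no handler
     *         is visible in this class, so the response is decided elsewhere
     */
    @RequestMapping("/user/login")
    public void login(String username, String pwd) {
        // Declared with the concrete type so the credentials can be wiped afterwards.
        UsernamePasswordToken token = new UsernamePasswordToken(username, pwd);
        try {
            SecurityUtils.getSubject().login(token);
            System.out.println("登录完毕");

            System.out.println("当前用户>>" + SecurityUtils.getSubject().getPrincipal());
        } finally {
            // Zero the password char[] held by the token whether or not login
            // succeeded, so the clear-text copy does not linger on the heap.
            token.clear();
        }
    }

    /**
     * Logs the current Shiro subject out.
     *
     * <p>NOTE(review): this mapping also accepts every HTTP method; a
     * state-changing endpoint reachable by GET can be triggered by a cross-site
     * request. Consider POST plus the application's CSRF protection.
     */
    @RequestMapping(value = "/user/logout")
    public void logout() {
        SecurityUtils.getSubject().logout();
    }

    /**
     * Balance query reserved for finance: the caller must hold the {@code cfo} role,
     * so the endpoint is reachable only after authorization.
     *
     * <p>NOTE(review): {@code @RequiresRoles} is enforced only when Shiro's
     * annotation interception is enabled in the application configuration, which
     * is not visible here; confirm it, otherwise the annotation has no effect.
     */
    @RequiresRoles(value = "cfo")
    @RequestMapping("/user/queryBalance")
    public void queryBalance() {
        System.out.println("查询我的余额...");
    }


}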
